Wireless Access

Hello.

I've created two SSIDs for guest and mobile access. My controller to provide DHCP for both. Follow the scope below:

- DHCP GUEST scope

Network: 172.16.0.0/24

Gateway: 172.16.0.1 (self controller)

-DHCP MOBILE scope

Network: 172.16.10.0/23

Gateway:172.16.10.1 (self controller)

My employee users get DHCP via Windows DHCP server at the VLAN 1. The scope for employees is:

- DHCP Employee scope

Network: 192.168.0.0/16

Gateway: 192.168.10.70

Today, all wirelless clients (Guest, Mobile and Emplyee SSIDs users) are directed to gateway 192.168.10.70.

However, I need that Mobile and Guest Traffic users (networks 172.16.0.0/24 and 172.16.10.0/23) be directed to gateway 192.168.15.1 (our ISP dedicated to Mobile and Guest users). There is another important detail, the networks 172.16.0.0/24 and 172.16.10.0/23 can't reach 192.168.0.0/16 directly. In other words, there is need to do NAT for both networks (Guest and Mobile).

Both ISPs isn't directly connnected on the controller. They are reachable my switches layer.

Summarizing the subject, my problem is who I need the traffic coming from Guest and Mobile Users to Internet must go through gateway 192.168.15.1 with NAT being the Controller IP (192.168.60.1).

On the attachment, is a simple topology for clear understanding.

Set the default gateway on the controller to be 192.168.15.1.

Disclaimer: Be aware that if you have other networks, that the controller routes to via 192.168.10.70, that you haven't mentioned you would need to add static routes on the controller to enable the controller to route traffic to them.

I appreciate your answer jrwhitehead. But the problem is if I set default gateway to 192.168.15.1, the employee traffic will pass for this Internet link - what can't happen.

I need some rule wich do all traffic coming from guest or mobile users receive NAT from source 192.168.60.1 redirecting that traffic to 192.168.15.1.

Why would employee traffic go via that gateway? From your previous post the employee client get their IP details from your internal DHCP server.

---

@pauloink wrote:

Hello.

 

I've created two SSIDs for guest and mobile access. My controller to provide DHCP for both. Follow the scope below:

 

- DHCP GUEST scope

Network: 172.16.0.0/24

Gateway: 172.16.0.1 (self controller)

 

-DHCP MOBILE scope

Network: 172.16.10.0/23

Gateway:172.16.10.1 (self controller)

 

My employee users get DHCP via Windows DHCP server at the VLAN 1. The scope for employees is:

- DHCP Employee scope

Network: 192.168.0.0/16

Gateway: 192.168.10.70

 

Today, all wirelless clients (Guest, Mobile and Emplyee SSIDs users) are directed to gateway 192.168.10.70.

 

However, I need that Mobile and Guest Traffic users (networks 172.16.0.0/24 and 172.16.10.0/23) be directed to gateway 192.168.15.1 (our ISP dedicated to Mobile and Guest users). There is another important detail, the networks 172.16.0.0/24 and 172.16.10.0/23 can't reach 192.168.0.0/16 directly. In other words, there is need to do NAT for both networks (Guest and Mobile).

 

Both ISPs isn't directly connnected on the controller. They are reachable my switches layer.

 

Summarizing the subject, my problem is who I need the traffic coming from Guest and Mobile Users to Internet must go through gateway 192.168.15.1 with NAT being the Controller IP (192.168.60.1).

 

On the attachment, is a simple topology for clear understanding.

---

You would probably need Policy-Based Routing (PBR) for that: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-router-ACL-for-PBR/ta-p/234519

Perfect!!!

I did'nt know that ArubaOS work with PBR.

That's exactly what I needed.

Thanks cjoseph, excellent.